Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6607 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24134 2026-01-28 6.5 Medium
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
CVE-2026-24525 2 Cloudpanel, Wordpress 2 Clp Varnish Cache, Wordpress 2026-01-27 8.1 High
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
CVE-2026-22481 1 Wordpress 1 Wordpress 2026-01-27 8.8 High
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.
CVE-2025-69190 1 Wordpress 1 Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
CVE-2025-68896 1 Wordpress 1 Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.
CVE-2025-68882 1 Wordpress 1 Wordpress 2026-01-27 7.5 High
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.
CVE-2025-68558 2 Averta, Wordpress 2 Depicter Slider, Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.
CVE-2025-68073 2 Ninjateam, Wordpress 2 Gpdr Ccpa Compliance Support, Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.
CVE-2025-68911 2 Solacewp, Wordpress 2 Solace, Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.
CVE-2025-14971 3 Linknacional, Woocommerce, Wordpress 3 Link Invoice Payment For Woocommerce, Woocommerce, Wordpress 2026-01-27 5.3 Medium
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.
CVE-2025-69184 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-60116 2 Themegoods, Wordpress 2 Grand Conference, Wordpress 2026-01-27 5.4 Medium
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.
CVE-2026-1142 1 Phpgurukul 1 News Portal 2026-01-27 4.3 Medium
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-22348 1 Wordpress 1 Wordpress 2026-01-27 5.3 Medium
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.
CVE-2025-69315 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.
CVE-2025-69313 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-01-27 7.5 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2025-69311 1 Wordpress 1 Wordpress 2026-01-27 7.6 High
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.
CVE-2025-6685 1 Aten 1 Eco Dc 2026-01-27 N/A
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
CVE-2026-24539 2 Clickdatos, Wordpress 2 Proteccion De Datos Rgpd, Wordpress 2026-01-27 5.3 Medium
Missing Authorization vulnerability in ABCdatos Protección de datos &#8211; RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos &#8211; RGPD: from n/a through <= 0.68.
CVE-2026-22458 2 Mikado-themes, Wordpress 2 Wanderland, Wordpress 2026-01-27 4.3 Medium
Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.